Closed benhoyt closed 1 month ago
Secrets are known to be buggy on main; look at #86 for the state of the art. v6 branch should contain that as well, so I'd recommending testing against v6 if you're looking at model consistency.
Regarding the implementation I'm on board, and the bypass-frozen- happens in multiple places in state.py. I'm also not happy about that but didn't find a neater solution yet.
Secrets are known to be buggy on main; look at https://github.com/canonical/ops-scenario/pull/86 for the state of the art. v6 branch should contain that as well, so I'd recommending testing against v6 if you're looking at model consistency.
Oh, sorry, I'd forgotten about that PR. I'm on leave tomorrow and Friday, but I'll re-test this stuff against v6 on Monday and see if any of the issues are still there.
- [ ]
Secret.changed_event
and related properties have a typo in the field name: Fix Event field name ("name" -> "path") #94
Already fixed.
- [ ]
Secret.granted
doesn't seem to be used or enforced; the docs imply you need it (which seems correct), but secrets-related tests work fine without it, and from grepping the code it looks likegranted
is not referenced at all.
Already fixed.
- [ ]
_MockModelBackend._get_secret
needs to update the label if both "id" and "label" are specified in thesecret-get
call. This is how Juju works; Harness does this here. A possible diff to fix this is shown below.
Will fix.
- [ ] Relatedly, the "bypass frozen metadata" in the existing implementation gives me the heebie-jeebies. Won't that break the immutability/hashing contract, and perhaps the concept of Scenario state? (See your docs.) I wonder if we could revisit this? Maybe
Secret
shouldn't be frozen, or maybe it should be modelled differently.
Pietro and I don't love these either, for what it's worth. It should violate the immutability, because the objects being changed should only be the ones in the output state, before it's given back to the caller. However, it would be good to have a cleaner method for this. I'll open an issue for that.
- [ ] The line
object.__setattr__(self, "contents"[revision + 1], content)
inSecret._update_metadata
looks like a typo. Perhaps it should beself.contents[revision + 1] = content
or similar?
Already fixed.
When writing a bunch of Scenario tests today, I found a few issues with secrets:
Secret.changed_event
and related properties have a typo in the field name: https://github.com/canonical/ops-scenario/pull/94Secret.granted
doesn't seem to be used or enforced; the docs imply you need it (which seems correct), but secrets-related tests work fine without it, and from grepping the code it looks likegranted
is not referenced at all._MockModelBackend._get_secret
needs to update the label if both "id" and "label" are specified in thesecret-get
call. This is how Juju works; Harness does this here. A possible diff to fix this is shown below.Secret
shouldn't be frozen, or maybe it should be modelled differently.object.__setattr__(self, "contents"[revision + 1], content)
inSecret._update_metadata
looks like a typo. Perhaps it should beself.contents[revision + 1] = content
or similar?Possible diff to make _get_secret apply label